Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^3: PerlTaintCheck and configuration for secure paths

by shmem (Canon)
on Jun 22, 2006 at 17:51 UTC ( #556964=note: print w/ replies, xml ) Need Help??


in reply to Re^2: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

In perlsec is a snippet of code:

sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }
--shmem
_($_=" "x(1<<5)."?\n".q/)Oo.  G\        /
                              /\_/(q    /
----------------------------  \__(m.====.(_("always off the crowd"))."
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}


Comment on Re^3: PerlTaintCheck and configuration for secure paths
Select or Download Code
Re^4: PerlTaintCheck and configuration for secure paths
by geektron (Curate) on Jun 22, 2006 at 18:08 UTC
    the operative phrasing i missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://556964]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (11)
As of 2014-07-11 06:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (220 votes), past polls